On Wed, Sep 11, 2002 at 10:07:34AM -0400, Ellen Hasenkamp wrote:
> thought someone else might benefit from having a syntax example for Apache
> that really, really works.
>
> Add the following to the Httpd.conf file:
>
> <Location />
> Header append P3P "policyref=\"../w3c/p3p.xml\", CP=\"IDC DSP COR CURa ADMa DEVa TAIa PSAa OUR BUS IND PHY ONL UNI COM NAV INT DEM CNT PRE LOC\""
> </Location>

I would like to indicate that there is a full technical explanation of
how to implement P3P on the server side in the P3P Deployment Guide:
http://www.w3.org/TR/p3pdeployment

Please note that this is only an example configuration. As the
tokens carry semantics, you risk carrying misleading semantics in the
HTTP header if you don't obey the things expressed in the tokens.
Those here mean you:
IDC <ident-contact/> (you identify people to contact them later)
DSP COR some dispute resolution thingy and errors will be corrected
CURa is illegal with respect to the Spec (and will therefore only work
with current IE6) as there is no more attribute on <current/>
ADM site administration (no opt-out)
DEV development of the site
TAI (tailoring of the site)
PSAa (pseudo-analysis, no opt-out (tracking under some pseudonym like
IP-address or cookie))
OUR we receive this information
BUS others with the same business-practice receive that information
IND we keep your data indefinitely
PHY we collect physical contact info
ONL we collect online information
UNI we collect online unique IDs
COM we collect info about your computer
NAV we collect info about your navigation (aka clickstream)
INT all interactive information is collected
DEM also demographic information
CNT and content information
PRE and your preferences
LOC and your location

It would really surprise me if this worked with IE6 in the default
setting, as it is identifying the individual.

So please and please only declare what you are really doing and don't
forget to also provide a full policy at the same time (mandatory).

So please, don't use statements from third parties just because they
promise it would work. It may bring you more risk than benefit to do so.
Consider carefully the use of personal data and follow the advice on
the P3P pages (http://www.w3.org/P3P/) and on http://www.p3ptoolbox.org/

If you experience trouble with implementing P3P on the server side,
please look at the Server Implementation Guide:
http://www.w3.org/TR/p3pdeployment

Remember that the hardest question in implementing P3P on your site is
to first think about and implement Privacy. The technical stuff is
really less challenging, especially on the server side.

Best,
--
Rigo Wenning W3C/INRIA
Policy Analyst Privacy Activity Lead
mail:rigo@w3.org 2004, Routes des Lucioles
http://www.w3.org/ F-06902 Sophia Antipolis
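
An added example, not part of the original messages: a small Python linter for the P3P header value discussed in this thread. It flags a/i/o suffixes on tokens that take none under the P3P 1.0 compact-policy grammar (the CURa case noted above) and tokens that are not P3P compact tokens at all; the function name and report layout are assumptions made for this illustration.

```python
import re

# P3P 1.0 compact-policy tokens as flat sets (no meanings attached here).
# Purposes other than CUR and recipients other than OUR may carry a/i/o.
SUFFIX_OK = set("ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP "
                "DEL SAM UNR PUB OTR".split())
# Every other compact token must appear bare.
PLAIN_ONLY = set("NOI ALL CAO IDC OTI NON DSP COR MON LAW NID CUR OUR "
                 "NOR STP LEG BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM "
                 "CNT STA POL HEA PRE LOC GOV OTC TST".split())

def lint_p3p_header(value):
    """Lint one P3P response-header value (hypothetical helper)."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)
    fields = {key.lower(): val for key, val in pairs}
    report = {"policyref": fields.get("policyref"), "tokens": [],
              "illegal_suffix": [], "unknown": []}
    for tok in fields.get("cp", "").split():
        base, suffix = tok[:3], tok[3:]
        if base in SUFFIX_OK and suffix in ("", "a", "i", "o"):
            report["tokens"].append(tok)
        elif base in PLAIN_ONLY and suffix == "":
            report["tokens"].append(tok)
        elif base in PLAIN_ONLY and suffix in ("a", "i", "o"):
            report["illegal_suffix"].append(tok)   # e.g. CURa
        else:
            report["unknown"].append(tok)
    return report

# Value as sent on the wire by the quoted Apache directive: the \" escapes
# of httpd.conf become plain quotes and the mail line wrap is rejoined.
SAMPLE = ('policyref="../w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa TAIa '
          'PSAa OUR BUS IND PHY ONL UNI COM NAV INT DEM CNT PRE LOC"')

if __name__ == "__main__":
    result = lint_p3p_header(SAMPLE)
    print("policyref in header:", result["policyref"])
    print("illegal suffix:", result["illegal_suffix"])
    print("unknown tokens:", result["unknown"])
    print("valid tokens to check against actual practice:", result["tokens"])
```

The linter only checks syntax; whether each valid token matches what the site really does with the data still has to be reviewed by hand.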